Author Archives: CSIRT

HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack

A critical security vulnerability has been disclosed in HAProxy (https://en.wikipedia.org/wiki/HAProxy) , a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks. Tracked as CVE-2021-40346 (https://nvd.nist.gov/vuln/detail/CVE-2021-40346), […]

Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites

Two vulnerabilities in the site-building plugin could be useful tools in the hands of a skilled attacker, researchers warned. Two vulnerabilities have been found in the Gutenberg Template Library & Redux Framework plugin for WordPress, which is installed on more than 1 million websites. They could allow arbitrary plugin installation, post deletions and access to […]

Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability

Medium Advisory ID: cisco-sa-sni-data-exfil-mFgzXqLN First Published: 2021 August 18 16:00 GMT Version 1.0: Interim Workarounds: No workarounds available Cisco Bug IDs: CSCvy50873CSCvy64824CSCvy76771 CVSS Score: Base 5.8 CVE-2021-34749 CWE-200 Download CVRF Email Summary A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort […]

COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate

COVID-19-related exploitation and abuse is on the rise as vaccine data opens new frontiers for threat actors. This week, the Indiana Department of Health issued a notice that the state’s COVID-19 contact-tracing system had been exposed via a cloud misconfiguration, revealing names, emails, gender, ethnicity, race and dates of birth of more than 750,000 people. The incident shows […]

Phishing attacks increase in H1 2021, sharp jump in crypto attacks

Overall, the first half of 2021 shows a 22 percent increase in the volume of phishing attacks over the same time period last year, PhishLabs reveals. Notably, however, phishing volume in June dipped dramatically for the first time in six months, immediately following a very high-volume in May. “Bad actors continue to utilize phishing to […]